public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [PATCH v3 01/26] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
Date: Wed, 30 Aug 2023 16:18:09 -0700	[thread overview]
Message-ID: <20230830231851.779-2-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com>

These headers provide settings definitions for memory protections,
settings profiles for easily enabling memory protections,
and the GUIDs used for producing the memory protection HOB entry.

The settings options are functionally 1:1 with the existing
PCD bitfield definitions. Instead of setting a fixed at build
PCD, memory protections will be set via a HOB
at runtime.

Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
 MdeModulePkg/Include/Guid/MemoryProtectionSettings.h | 216 ++++++++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                        |   5 +
 2 files changed, 221 insertions(+)

diff --git a/MdeModulePkg/Include/Guid/MemoryProtectionSettings.h b/MdeModulePkg/Include/Guid/MemoryProtectionSettings.h
new file mode 100644
index 000000000000..889e87011fbf
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/MemoryProtectionSettings.h
@@ -0,0 +1,216 @@
+/** @file
+Defines memory protection settings guid and struct for DXE and MM.
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef MEMORY_PROTECTION_SETTINGS_H_
+#define MEMORY_PROTECTION_SETTINGS_H_
+
+#define OEM_RESERVED_MPS_MEMORY_TYPE  EfiMaxMemoryType
+#define OS_RESERVED_MPS_MEMORY_TYPE   (EfiMaxMemoryType + 1)
+#define MAX_MPS_MEMORY_TYPE           (EfiMaxMemoryType + 2)
+#define MPS_MEMORY_TYPE_BUFFER_SIZE   (MAX_MPS_MEMORY_TYPE * sizeof (BOOLEAN))
+
+// Current DXE iteration of MEMORY_PROTECTION_SETTINGS
+#define DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION  1
+
+// Current MM iteration of MEMORY_PROTECTION_SETTINGS
+#define MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION  1
+
+#define DXE_MEMORY_PROTECTION_SIGNATURE  SIGNATURE_32('D', 'M', 'P', 'S')
+#define MM_MEMORY_PROTECTION_SIGNATURE   SIGNATURE_32('M', 'M', 'P', 'S')
+
+typedef UINT8   MEMORY_PROTECTION_SETTINGS_VERSION;
+typedef UINT32  MEMORY_PROTECTION_SETTINGS_SIGNATURE;
+
+typedef struct {
+  BOOLEAN    Enabled            : 1;
+  BOOLEAN    DisableEndOfDxe    : 1;
+  BOOLEAN    NonstopModeEnabled : 1;
+} DXE_NULL_DETECTION_POLICY;
+
+typedef struct {
+  BOOLEAN    ProtectImageFromUnknown : 1;
+  BOOLEAN    ProtectImageFromFv      : 1;
+} DXE_IMAGE_PROTECTION_POLICY;
+
+typedef struct {
+  BOOLEAN    PageGuardEnabled        : 1;
+  BOOLEAN    PoolGuardEnabled        : 1;
+  BOOLEAN    FreedMemoryGuardEnabled : 1;
+  BOOLEAN    NonstopModeEnabled      : 1;
+  BOOLEAN    GuardAlignedToTail      : 1;
+} DXE_HEAP_GUARD_POLICY;
+
+typedef struct {
+  BOOLEAN    Enabled            : 1;
+  BOOLEAN    NonstopModeEnabled : 1;
+} MM_NULL_DETECTION_POLICY;
+
+typedef struct {
+  BOOLEAN    PageGuardEnabled   : 1;
+  BOOLEAN    PoolGuardEnabled   : 1;
+  BOOLEAN    NonstopModeEnabled : 1;
+  BOOLEAN    GuardAlignedToTail : 1;
+} MM_HEAP_GUARD_POLICY;
+
+typedef struct {
+  BOOLEAN    EnabledForType[MAX_MPS_MEMORY_TYPE];
+} MPS_MEMORY_TYPES;
+
+//
+// Memory Protection Settings struct
+//
+typedef struct {
+  // This signature is used to identify the memory protection settings structure.
+  MEMORY_PROTECTION_SETTINGS_SIGNATURE    Signature;
+
+  // The current version of the structure definition. This is used to ensure there isn't a
+  // definition mismatch if modules have differing iterations of this header. When creating
+  // this struct, use the DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro.
+  MEMORY_PROTECTION_SETTINGS_VERSION      StructVersion;
+
+  // If enabled, the page at the top of the stack will be invalidated to catch stack overflow.
+  BOOLEAN                                 CpuStackGuardEnabled;
+
+  // If enabled, the stack will be marked non-executable.
+  BOOLEAN                                 StackExecutionProtectionEnabled;
+
+  // If enabled, accessing the NULL address in UEFI will be caught by marking
+  // the NULL page as not present.
+  //   .NullDetectionEnabled    : Enable NULL pointer detection.
+  //   .DisableEndOfDxe         : Disable NULL pointer detection just after EndOfDxe.
+  //                              This is a workaround for those unsolvable NULL access issues in
+  //                              OptionROM, boot loader, etc. It can also help to avoid unnecessary
+  //                              exception caused by legacy memory (0-4095) access after EndOfDxe,
+  //                              such as Windows 7 boot on Qemu.
+  //   .NonstopModeEnabled      : If enabled the debug flag will be raised when a fault occurs
+  //                              to break into debugger.
+  DXE_NULL_DETECTION_POLICY    NullPointerDetection;
+
+  // Set image protection policy.
+  //
+  //  .ProtectImageFromUnknown          : If set, images from unknown devices will be protected by
+  //                                      DxeCore if they are aligned. The code section becomes
+  //                                      read-only, and the data section becomes non-executable.
+  //  .ProtectImageFromFv               : If set, images from firmware volumes will be protected by
+  //                                      DxeCore if they are aligned. The code section becomes
+  //                                      read-only, and the data section becomes non-executable.
+  DXE_IMAGE_PROTECTION_POLICY    ImageProtection;
+
+  // If a bit is set, memory regions of the associated type will be mapped non-executable.
+  //
+  // The execution protection setting for EfiBootServicesData and EfiConventionalMemory must
+  // be the same.
+  MPS_MEMORY_TYPES               ExecutionProtection;
+
+  //  Configures general heap guard behavior.
+  //
+  //  .PageGuardEnabled         : Enable page guard.
+  //  .PoolGuardEnabled         : Enable pool guard.
+  //  .FreedMemoryGuardEnabled  : Enable freed-memory guard (Use-After-Free memory detection).
+  //  .NonstopModeEnabled       : If enabled the debug flag will be raised when a fault occurs
+  //                              to break into debugger.
+  //  .GuardAlignedToTail       : TRUE if the pool is aligned to tail guard page. If FALSE, the
+  //                              pool is aligned to head guard page.
+  //
+  //  Note:
+  //  a) Due to the limit of pool memory implementation and the alignment
+  //     requirement of UEFI spec, HeapGuard.GuardAlignedToTail is a try-best
+  //     setting which cannot guarantee that the returned pool is exactly
+  //     adjacent to head or tail guard page.
+  //  b) Freed-memory guard and pool/page guard cannot be enabled
+  //     at the same time.
+  DXE_HEAP_GUARD_POLICY    HeapGuard;
+
+  // Indicates which type allocation need guard page.
+  //
+  // If bit is set, a head guard page and a tail guard page will be added just
+  // before and after corresponding type of pages which the allocated pool occupies,
+  // if there's enough free memory for all of them.
+  //
+  // These settings are only valid if HeapGuard.PoolGuardEnabled is TRUE.
+  MPS_MEMORY_TYPES    PoolGuard;
+
+  // Indicates which type allocation need guard page.
+  //
+  // If a bit is set, a head guard page and a tail guard page will be added just
+  // before and after corresponding type of pages allocated if there's enough
+  // free pages for all of them.
+  //
+  // These settings are only valid if HeapGuard.PageGuardEnabled is TRUE.
+  MPS_MEMORY_TYPES    PageGuard;
+} DXE_MEMORY_PROTECTION_SETTINGS;
+
+//
+// Memory Protection Settings struct
+//
+typedef struct {
+  // This signature is used to identify the memory protection settings structure.
+  MEMORY_PROTECTION_SETTINGS_SIGNATURE    Signature;
+
+  // The current version of the structure definition. This is used to ensure there isn't a
+  // definition mismatch if modules have differing iterations of this header. When creating
+  // this struct, use the MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro.
+  MEMORY_PROTECTION_SETTINGS_VERSION      StructVersion;
+
+  // If enabled, accessing the NULL address in MM will be caught by marking
+  // the NULL page as not present.
+  //   .NullDetectionEnabled    : Enable NULL pointer detection.
+  //   .NonstopModeEnabled      : If enabled the debug flag will be raised when a fault occurs
+  //                              to break into debugger.
+  MM_NULL_DETECTION_POLICY                NullPointerDetection;
+
+  //  Configures general heap guard behavior.
+  //
+  // Note:
+  //  a) Due to the limit of pool memory implementation and the alignment
+  //     requirement of UEFI spec, HeapGuard.GuardAlignedToTail is a try-best
+  //     setting which cannot guarantee that the returned pool is exactly
+  //     adjacent to head or tail guard page.
+  //
+  //  .PageGuardEnabled          : Enable page guard.
+  //  .PoolGuardEnabled          : Enable pool guard.
+  //  .NonstopModeEnabled        : If enabled the debug flag will be raised when a fault occurs
+  //                               to break into debugger.
+  //  .GuardAlignedToTail        : TRUE if the pool is aligned to tail guard page. If FALSE, the
+  //                               pool is aligned to head guard page.
+  MM_HEAP_GUARD_POLICY    HeapGuard;
+
+  // Indicates which type allocation need guard page.
+  //
+  // If bit is set, a head guard page and a tail guard page will be added just
+  // before and after corresponding type of pages which the allocated pool occupies,
+  // if there's enough free memory for all of them.
+  //
+  // These settings are only valid if PoolGuardEnabled is TRUE in HeapGuard.
+  MPS_MEMORY_TYPES    PoolGuard;
+
+  // Indicates which type allocation need guard page.
+  //
+  // If a bit is set, a head guard page and a tail guard page will be added just
+  // before and after corresponding type of pages allocated if there's enough
+  // free pages for all of them.
+  //
+  // This bitfield is only valid if PageGuardEnabled is TRUE in HeapGuard.
+  MPS_MEMORY_TYPES    PageGuard;
+} MM_MEMORY_PROTECTION_SETTINGS;
+
+typedef struct {
+  // The memory protection settings in the SMM and Standalone MM environment
+  MM_MEMORY_PROTECTION_SETTINGS     Mm;
+  // The memory protection settings in the DXE environment
+  DXE_MEMORY_PROTECTION_SETTINGS    Dxe;
+} MEMORY_PROTECTION_SETTINGS;
+
+#define MEMORY_PROTECTION_SETTINGS_GUID  \
+  { \
+    { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xBD, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x17, 0xD5 } } \
+  }
+
+extern GUID  gMemoryProtectionSettingsGuid;
+
+#endif
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 0ff058b0a9da..624720c7bb40 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -399,6 +399,11 @@ [Guids]
   ## Include/Guid/EndofS3Resume.h
   gEdkiiEndOfS3ResumeGuid = { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }
 
+  ## Memory Protection Settings Guid. Used to create and fetch the memory protection settings HOB entry.
+  #
+  # Include/Guid/MemoryProtectionSettings
+  gMemoryProtectionSettingsGuid = { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xBD, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x17, 0xD5 }}
+
   ## Used (similar to Variable Services) to communicate policies to the enforcement engine.
   # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}
   gVarCheckPolicyLibMmiHandlerGuid = { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}
-- 
2.42.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108155): https://edk2.groups.io/g/devel/message/108155
Mute This Topic: https://groups.io/mt/101064072/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



  reply	other threads:[~2023-08-30 23:19 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-30 23:18 [edk2-devel] [PATCH v3 00/26] Implement Dynamic Memory Protections Taylor Beebe
2023-08-30 23:18 ` Taylor Beebe [this message]
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 02/26] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 03/26] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 04/26] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 05/26] MdeModulePkg: Copy PEI PCD Database Into New Buffer Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 06/26] MdeModulePkg: Apply Protections to the HOB List Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 07/26] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 08/26] UefiCpuPkg: Always Set Stack Guard in MpPei Init Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 09/26] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 10/26] OvmfPkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 11/26] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 12/26] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 13/26] UefiPayloadPkg: Update DXE Handoff " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 14/26] MdeModulePkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 15/26] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 16/26] EmulatorPkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 17/26] OvmfPkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 18/26] UefiCpuPkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 19/26] MdeModulePkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 20/26] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 21/26] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Taylor Beebe
2023-09-11 11:27   ` Gerd Hoffmann
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 22/26] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 23/26] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 24/26] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 25/26] ArmVirtPkg: " Taylor Beebe
2023-08-30 23:18 ` [edk2-devel] [PATCH v3 26/26] MdeModulePkg: " Taylor Beebe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230830231851.779-2-taylor.d.beebe@gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox